Backdoor in Galaxy Devices

Friday, March 14, 2014 @ 03:03 PM gHale

There is a backdoor in a series of Samsung Galaxy devices that could allow attackers to gain remote access to them and their contents.

“Today’s phones come with two separate processors: one is a general-purpose applications processor that runs the main operating system, e.g. Android; the other, known as the modem, baseband, or radio, is in charge of communications with the mobile telephony network,” said Paul Kocialkowski one of the developers of Replicant, a “fully free/libre version of Android” in a blog post.

“This processor always runs a proprietary operating system, and these systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device,” Kocialkowski said.

“The spying can involve activating the device’s microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator’s network, making the backdoors nearly always accessible.”

In their work, they analyzed this proprietary program shipped and running on Samsung devices, and they discovered that it allows the modem to read, write, and delete files on the phone’s storage, and also to access and modify the user’s personal data on several of the devices.

“Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone’s data, even in the case where the modem is isolated and cannot access the storage directly,” Kocialkowski said in the blog.